EP2469753A1 - Verfahren, vorrichtung und netzwerksystem zur aushandlung von verschlüsselungsinformationen - Google Patents

Verfahren, vorrichtung und netzwerksystem zur aushandlung von verschlüsselungsinformationen Download PDF

Info

Publication number
EP2469753A1
EP2469753A1 EP10811242A EP10811242A EP2469753A1 EP 2469753 A1 EP2469753 A1 EP 2469753A1 EP 10811242 A EP10811242 A EP 10811242A EP 10811242 A EP10811242 A EP 10811242A EP 2469753 A1 EP2469753 A1 EP 2469753A1
Authority
EP
European Patent Office
Prior art keywords
information
encryption
capabilities
certificate
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP10811242A
Other languages
English (en)
French (fr)
Other versions
EP2469753A4 (de
Inventor
Ping Fang
Huangwei Wu
Qinliang Zhang
Yu Zhu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Device Co Ltd
Original Assignee
Huawei Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd filed Critical Huawei Device Co Ltd
Publication of EP2469753A1 publication Critical patent/EP2469753A1/de
Publication of EP2469753A4 publication Critical patent/EP2469753A4/de
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method and a device for negotiating encryption information, and a network system.
  • Telephony Server provides telephone services for other devices in a home network.
  • the TC receives data streams from the TS in the home network and presents the data stream information to the user; and/or provides data streams for the TS.
  • the TCP exercises control to implement telephone service sharing between the TC and the TS in the home network.
  • the connection relation between the TC, the TS, and the TCP is shown in FIG. 1 .
  • the data streams between the TC and the TS are transmitted through an outband mechanism, and the data streams transmitted between the TC and the TS include media streams and/or short messages.
  • Embodiments of the present invention provide a method and a device for negotiating encryption information, and a network system to ensure security of data streams transmitted between the TC and the TS.
  • a method for negotiating encryption information includes:
  • a method for negotiating encryption information includes:
  • a device for negotiating encryption information includes:
  • a device for negotiating encryption information includes:
  • a network system includes:
  • a network system includes:
  • the encryption information applicable to the first device and the second device is determined according to the information about encryption capabilities of the first device and the second device, and is sent to the first device and the second device respectively; therefore, the first device and the second device may use the encryption information to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • the second device obtains the certificate information of the first device through the control point, and negotiates the encryption information with the first device after authenticating the first device successfully; therefore, the first device and the second device may use the encryption information to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • FIG. 1 is a structure diagram of a home network in the conventional art
  • FIG. 2 is a flowchart of a method for negotiating encryption information according to a first embodiment of the present invention
  • FIG. 3 is a flowchart of a method for negotiating encryption information according to a second embodiment of the present invention
  • FIG. 4 is a flowchart of a method for negotiating encryption information according to a third embodiment of the present invention.
  • FIG. 5 is a flowchart of a method for negotiating encryption information according to a fourth embodiment of the present invention.
  • FIG. 6 is a flowchart of a method for negotiating encryption information according to a fifth embodiment of the present invention.
  • FIG. 7 is a flowchart of a method for negotiating encryption information according to a sixth embodiment of the present invention.
  • FIG. 8 is a flowchart of a method for negotiating encryption information according to a seventh embodiment of the present invention.
  • FIG. 9 is a structure diagram of a device for negotiating encryption information according to an eighth embodiment of the present invention.
  • FIG. 10 is a structure diagram of a device for negotiating encryption information according to a ninth embodiment of the present invention.
  • a method for negotiating encryption information in this embodiment includes the following steps.
  • 201 Obtain information about encryption capabilities of a first device and information about encryption capabilities of a second device.
  • Step 202 and step 203 that follow this step are performed by a control point.
  • the first device is a TC and the second device is a TS; or, the first device is a TS and the second device is a TC.
  • the TCP in this step is a control point authorized by the TC and the TS, and is entitled to access the TC and the TS. Therefore, before this step, the TCP needs to get authorized by the TS and the TC.
  • the TC authorizes the TCP to access the TC
  • the TC stores an Identifier (ID) of the TCP into an Access Control List (ACL) of the TC, where the ID of the TCP may be a Hash value of a certificate of the TCP.
  • ACL Access Control List
  • the TS stores the ID of the TCP into an ACL of the TS, where the ID of the TCP may be a Hash value of the certificate of the TCP.
  • the TS and the TC are accessible to the authorized TCP based on the certificate of the TCP and the respectively stored ACL.
  • the TCP authorized by the TC and the TS obtains information about encryption capabilities of the TC by accessing the TC, and obtains information about encryption capabilities of the TS by accessing the TS.
  • control point is an Input Control Point (ICP)
  • the first device is an Input Client (IC) and the second device is an Input Server (IS), or the first device is an IS and the second device is an IC.
  • ICP Input Control Point
  • IC Input Client
  • IS Input Server
  • the ICP in this step is a control point authorized by the TC and the TS, and is entitled to access the IC and the IS. Therefore, before this step, the ICP needs to get authorized by the IS and the IC.
  • the IC authorizes the ICP to access the IC
  • the IC stores an ID of the ICP into an ACL of the IC, where the ID of the ICP may be a Hash value of the certificate of the ICP.
  • the IS authorizes the ICP to access the IS
  • the IS stores the ID of the ICP into an ACL of the IS, where the ID of the ICP may be a Hash value of the certificate of the ICP.
  • the IS and the IC are accessible to the authorized ICP based on the certificate of the ICP and the respectively stored ACL.
  • the ICP authorized by the IC and the IS obtains information about encryption capabilities of the IC by accessing the IC, and obtains information about encryption capabilities of the IS by accessing the IS.
  • the information about encryption capabilities of the first device may include a transport protocol, an encryption protocol, an encryption algorithm, and a maximum password length, which are supported by the first device; and the information about encryption capabilities of the second device may include a transport protocol, an encryption protocol, an encryption algorithm, and a maximum password length, which are supported by the TS.
  • the encryption information includes an encryption algorithm (such as Advanced Encryption Standard (AES) or Data Encryption Standard (DES)) and a key; or the encryption information includes an encryption protocol such as a Secure Socket Layer (SSL) protocol.
  • AES Advanced Encryption Standard
  • DES Data Encryption Standard
  • SSL Secure Socket Layer
  • the first device and the second device negotiate the encryption algorithm and the key subsequently according to the encryption protocol, and implement encrypted transmission of the communication data streams to ensure security of communication between the first device and the second device. For example, if an SSL protocol is applied, the first device and the second device negotiate a key exchange algorithm, a data encryption algorithm and a digest algorithm through a handshake protocol, and generate a key known to only the first device and the second device by using the negotiated key exchange algorithm.
  • the control point may set up a secure transmission channel to the first device and the second device respectively, for example, through an SSL protocol or a Transport Layer Security (TLS) protocol.
  • the control point obtains information about encryption capabilities of the first device through the secure transmission channel to the first device, obtains information about encryption capabilities of the second device through the secure transmission channel to the second device, transmits the encryption information to the first device through the secure transmission channel to the first device, and transmits the encryption information to the second device through the secure transmission channel to the second device.
  • TLS Transport Layer Security
  • the encryption information is determined according to the information about encryption capabilities of the first device and the second device, and is sent to the first device and the second device respectively; therefore, the first device and the second device may use the encryption information to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • a method for negotiating encryption information is provided in this embodiment.
  • the TCP trusted by both the TC and the TS selects an encryption algorithm supported by both the TC and the TS and generates a key, and notifies the encryption algorithm and the key to the TC and the TS.
  • the method includes the following steps.
  • the TCP obtains information about media capabilities of the TC from the TC.
  • the information about media capabilities includes information about a transport protocol supported by the TC and information about encryption capabilities of the TC.
  • the information about encryption capabilities includes information about an encryption algorithm and information about a key length supported by the TC.
  • the information about the key length may be a maximum key length supported by the TC.
  • the TCP may obtain the information about media capabilities of the TC through a GetMediaSessionCapability() command.
  • the TCP obtains information about media capabilities of the TS from the TS.
  • the information about media capabilities includes information about a transport protocol supported by the TS and information about encryption capabilities of the TS.
  • the information about encryption capabilities includes information about an encryption algorithm and information about a key length supported by the TS.
  • the information about the key length may be a maximum key length supported by the TS.
  • the TCP may obtain the information about media capabilities of the TS from the TS through a GetMediaSessionCapability() command.
  • the TCP determines session parameters required for performing a session between the TC and the TS according to the information about media capabilities of the TC and the information about media capabilities of the TS.
  • the session parameters include: the transport protocol, encryption algorithm, and key applicable to both the TC and the TS.
  • the determining, by the TCP, the encryption algorithm applicable to the TC and the TS refers to selecting, by the TCP, the encryption algorithm supported by both the TC and the TS.
  • the TCP generates a key according to the information about encryption capabilities of the TC and the information about encryption capabilities of the TS. Specifically, the TCP generates a key according to the maximum key length supported by the TC and the maximum key length supported by the TS, so that it is ensured that the generated key meets the key length requirements of the TC and the TS.
  • the TCP sends the session parameters to the TC as an indication of setting up a data channel between the TC and the TS according to the session parameters, whereupon the TC sends a response message to the TCP.
  • the TCP sends the session parameters to the TC, and therefore, the TC sets up a data channel to the TS according to the session parameters, and then encrypts and/or decrypts the data streams transmitted between the TC and the TS by using the encryption algorithm and the key indicated in the session parameters.
  • the TCP may use a SetMediaSession(MediaCapability,%) command to send the session parameters to the TC.
  • MediaCapability in the SetMediaSession(MediaCapability,%) command refers to the session parameters.
  • the TCP sends the session parameters to the TS, and therefore, the TS sets up a data channel to the TC according to the session parameters, and then encrypts and/or decrypts the data streams transmitted between the TC and the TS by using the encryption algorithm and the key indicated in the session parameters.
  • the TCP may use a SetMediaSession(MediaCapability,%) command to send the session parameters to the TS.
  • the TCP sends a notification message to the TS as an indication of starting transmitting data streams.
  • the TCP sends a StartMediaSession() command to the TS as an indication of starting transmitting data streams in an outband mode.
  • the TS encrypts the data streams to be sent according to the encryption algorithm and the key, and then sends the data streams, and the TC decrypts the data streams received from the TS according to the encryption algorithm and the key; or the TC encrypts the data streams to be sent according to the encryption algorithm and the key, and then sends the data streams, and the TS decrypts the data streams received from the TC according to the encryption algorithm and the key.
  • the TCP sends a notification message to the TC as an indication of ending the session.
  • the TCP sends a StopMediaSession() command to the TC to end the session.
  • the TCP sends a notification message to the TS as an indication of ending the session.
  • the TCP sends a StopMediaSession() command to the TS to end the session.
  • the messages in steps 301 to 309 are transmitted in a secure transmission channel, which prevents the message content from being intercepted by illegal devices. Therefore, the illegal devices are unable to know the key.
  • the TCP trusted by the TC and the TS obtains the information about encryption capabilities of the TC and the TS, selects the encryption algorithm supported by both the TC and the TS, and generates the key.
  • the TCP sends the encryption algorithm and the key to the TC and the TS respectively.
  • the sender (TC or TS) of a data stream uses the encryption algorithm and the key to encrypt the data stream to be sent
  • the receiver (TS or TC) of the data stream uses the encryption algorithm and the key to decrypt the received data stream, which ensures security of the data stream transmitted between the TC and the TS in an outband mode.
  • a method for negotiating encryption information is provided in this embodiment.
  • This embodiment differs from the second embodiment in that, a GetencryptCapability() command is used to obtain the information about encryption capabilities of the TC and the TS, and a Setencrypt() command is used to send the encryption algorithm and the key to the TC and the TS.
  • the method includes the following steps.
  • the TCP obtains information about media capabilities of the TC from the TC.
  • the information about media capabilities includes information about a transport protocol supported by the TC.
  • the TCP may obtain the information about media capabilities of the TC through a GetMediaSessionCapability() command.
  • the TCP obtains information about media capabilities of the TS from the TS.
  • the information about media capabilities includes the information about the transport protocol supported by the TS.
  • the TCP may obtain the information about media capabilities of the TS from the TS through a GetMediaSessionCapability() command.
  • the TCP determines session parameters required for performing a session between the TC and the TS according to the information about media capabilities of the TC and the information about media capabilities of the TS.
  • the session parameters include the transport protocol supported by both the TC and the TS.
  • the TCP sends the session parameters to the TC as an indication of setting up a data channel between the TC and the TS according to the session parameters, whereupon the TC sends a response message to the TCP.
  • the TCP may use a SetMediaSession(MediaCapability,%) command to send the session parameters to the TC.
  • MediaCapability in the SetMediaSession(MediaCapability,%) command refers to the session parameters.
  • the TCP sends the session parameters to the TS as an indication of setting up a data channel between the TS and the TC according to the session parameters.
  • the TCP may use a SetMediaSession(MediaCapability,%) command to send the session parameters to the TS.
  • the TCP obtains information about encryption capabilities of the TC from the TC.
  • the information about encryption capabilities includes information about an encryption algorithm and information about a key length supported by the TC.
  • the information about the key length may be a maximum key length supported by the TC.
  • the TCP may obtain the information about encryption capabilities of the TC from the TC through a GetencryptCapability() command.
  • the TCP obtains information about encryption capabilities of the TS from the TS.
  • the information about encryption capabilities includes information about an encryption algorithm and information about a key length supported by the TS.
  • the information about the key length may be a maximum key length supported by the TS.
  • the TCP may obtain the information about encryption capabilities of the TS from the TS through a GetencryptCapability() command.
  • the TCP determines the encryption algorithm applicable to the TC and the TS according to the information about encryption capabilities of the TC and the TS, and generates a key.
  • the TCP notifies the determined encryption algorithm and key to the TC, and therefore, the TC may encrypt and/or decrypt the data streams transmitted between the TC and the TS subsequently by using the encryption algorithm and the key indicated in the session parameters.
  • the TCP sends a Setencrypt(encryptCapability,%) command that carries the encryption algorithm and the key to the TC, where "encryptCapability" refers to the encryption algorithm and the key.
  • the TCP notifies the determined encryption algorithm and key to the TS, and therefore, the TS may encrypt and/or decrypt the data streams transmitted between the TC and the TS subsequently by using the encryption algorithm and the key indicated in the session parameters.
  • the TCP sends a Setencrypt(encryptCapability,%) command that carries the encryption algorithm and the key to the TS, where "encryptCapability" refers to the encryption algorithm and the key.
  • Steps 411 to 414 are the same as steps 306 to 309, and the details thereof will not be described herein agian.
  • the messages in steps 401 to 415 are transmitted in a secure transmission channel, which prevents the message content from being intercepted by illegal devices. Therefore, the illegal devices are unable to know the key.
  • the TCP trusted by the TC and the TS obtains the information about encryption capabilities of the TC and the TS, selects the encryption algorithm supported by both the TC and the TS, and generates the key.
  • the TCP sends the encryption algorithm and the key to the TC and the TS respectively.
  • the sender (TC or TS) of a data stream uses the encryption algorithm and the key to encrypt the data stream to be sent
  • the receiver (TS or TC) of the data stream uses the encryption algorithm and the key to decrypt the received data stream, which ensures security of the data stream transmitted between the TC and the TS in an outband mode.
  • the information about encryption capabilities obtained by the TCP from the TS and the TC respectively may include an encryption protocol.
  • the TCP determines the encryption protocol applicable to the TS and the TC, and sends information about the determined encryption protocol to the TC and the TS respectively. Subsequently, the TC and the TS negotiate the encryption algorithm and the key according to the encryption protocol, which also achieves the objectives of the present invention.
  • a method for negotiating encryption information is provided in this embodiment.
  • the ICP trusted by both the IC and the IS selects an encryption algorithm supported by both the IC and the IS and generates a key, and notifies the encryption algorithm and the key to the IC and the IS.
  • the method includes the following steps.
  • the ICP obtains information about input capabilities of the IC from the IC.
  • the information about input capabilities includes information about a transport protocol supported by the IC and information about encryption capabilities of the IC.
  • the information about encryption capabilities includes information about an encryption algorithm and information about a key length supported by the IC.
  • the information about the key length may be a maximum key length supported by the IC.
  • the IS provides information input services for other devices in a home network; the IC receives information from the IS in the home network; and the ICP exercises control to implement sharing of the input function between the IC and the IS in the home network.
  • the ICP may obtain the information about input capabilities of the IC through a GetInputCapability() command.
  • the ISP obtains information about input capabilities of the IS from the IS.
  • the information about input capabilities includes information about a transport protocol supported by the IS and information about encryption capabilities of the IS.
  • the information about encryption capabilities includes information about an encryption algorithm and information about a key length supported by the IS.
  • the information about the key length may be a maximum key length supported by the IS.
  • the ICP may obtain the information about input capabilities of the IS from the IS through a GetInputCapability() command.
  • the ICP determines session parameters required for performing a session between the IC and the IS according to the information about input capabilities of the IC and the information about input capabilities of the IS.
  • the session parameters include: the transport protocol, encryption algorithm, and key applicable to both the IC and the IS.
  • the determining, by the ICP, the encryption algorithm applicable to the IC and the IS refers to selecting, by the ICP, the encryption algorithm supported by both the IC and the IS.
  • the ICP generates a key according to the information about encryption capabilities of the IC and the information about encryption capabilities of the IS. Specifically, the ICP generates a key according to the maximum key length supported by the IC and the maximum key length supported by the IS, so that it is ensured that the generated key meets the key length requirements of the IC and the IS.
  • the ICP sends the session parameters to the IC as an indication of setting up a data channel between the IC and the IS according to the session parameters, whereupon the IC sends a response message to the ICP.
  • the ICP sends the session parameters to the IC, and therefore, the IC sets up a data channel to the IS according to the session parameters, and then encrypts and/or decrypts the data streams transmitted between the IC and the IS by using the encryption algorithm and the key indicated in the session parameters.
  • the ICP may use a SetInputSession(Capability,%) command to send the session parameters to the IC.
  • “Capability” in the SetInputSession(Capability,%) command refers to the session parameters.
  • the ICP sends the session parameters to the IS, and therefore, the IS sets up a data channel to the IC according to the session parameters, and then encrypts and/or decrypts the data streams transmitted between the IC and the IS by using the encryption algorithm and the key indicated in the session parameters.
  • the ICP may use a SetInputSession(Capability,%) command to send the session parameters to the IS.
  • the ICP sends a notification message to the IS as an indication of starting transmitting data streams.
  • the ICP sends a StartInputSession() command to the IS as an indication of starting transmitting data streams in an outband mode.
  • the IS encrypts the data stream to be sent according to the encryption algorithm and the key, and sends the data stream; and the IC decrypts the data stream received from the IS according to the encryption algorithm and the key.
  • the ICP sends a notification message to the IC as an indication of ending the session.
  • the ICP sends a StopInputSession() command to the IC to end the session.
  • the ICP sends a notification message to the IS as an indication of ending the session.
  • the ICP sends a StopInputSession() command to the IS to end the session.
  • the ICP trusted by the IC and the IS obtains the information about encryption capabilities of the IC and the IS, selects the encryption algorithm supported by both the IC and the IS, and generates the key.
  • the ICP sends the encryption algorithm and the key to the IC and the IS respectively.
  • the sender (IC or IS) of a data stream uses the encryption algorithm and the key to encrypt the data stream to be sent
  • the receiver (IS or IC) of the data stream uses the encryption algorithm and the key to decrypt the received data stream, which ensures security of the data stream transmitted between the IC and the IS in an outband mode.
  • a method for negotiating encryption information in this embodiment includes the following steps.
  • a second device receives certificate information of a first device from a control point.
  • the first device is a TC and the second device is a TS; or, the first device is a TS and the second device is a TC.
  • the TCP is a control point authorized by the TC and the TS and is entitled to access the TC and the TS, and may set up a secure transmission channel to the TC and the TS respectively, for example, through an SSL protocol or a TLS protocol. Therefore, before this step, the TCP needs to get authorized by the TS and the TC.
  • the TC authorizes the TCP to access the TC
  • the TC stores an ID of the TCP into an ACL of the TC, where the ID of the TCP may be a Hash value of a certificate of the TCP.
  • the TS when the TS authorizes the TCP to access the TS, the TS stores the ID of the TCP into an ACL of the TS, where the ID of the TCP may be a Hash value of the certificate of the TCP. Subsequently, the TS and the TC are accessible to the authorized TCP based on the certificate of the TCP and the respectively stored ACL.
  • the first device is an IC and the second device is an IS; or, the first device is an IS and the second device is an IC.
  • the ICP is a control point authorized by the IC and the IS and is entitled to access the IC and the IS, and may set up a secure transmission channel to the IC and the IS respectively, for example, through an SSL protocol or a TLS protocol. Therefore, before this step, the ICP needs to get authorized by the IS and the IC.
  • the IC authorizes the ICP to access the IC, the IC stores an ID of the ICP into an ACL of the IC, where the ID of the ICP may be a Hash value of the certificate of the ICP.
  • the IS when the IS authorizes the ICP to access the IS, the IS stores the ID of the ICP into an ACL of the IS, where the ID of the ICP may be a Hash value of the certificate of the ICP. Subsequently, the IS and the IC are accessible to the authorized ICP based on the certificate of the ICP and the respectively stored ACL.
  • the control point needs to obtain the certificate information of the first device.
  • the obtaining modes include but are not limited to: the control point obtains the certificate information of the first device from the first device; or, the control point generates a certificate for the first device and sends it to the second device, and sends the information about the certificate to the first device.
  • the certificate information of the first device includes the certificate of the first device or a Hash value of the certificate of the first device.
  • the second device authenticates the first device according to the certificate information of the first device.
  • the second device negotiates encryption information with the first device after authenticating the first device successfully, where the encryption information serves as a basis for encrypting and/or decrypting data streams between the first device and the second device.
  • the second device obtains the certificate information of the first device through the control point, and negotiates the encryption information with the first device after authenticating the first device successfully; therefore, the first device and the second device may use the encryption information to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • a method for negotiating encryption information is provided in this embodiment.
  • the TCP trusted by both the TC and the TS obtains certificate information of either the TC or the TS, and sends the certificate information to the TS or the TC.
  • the TC and the TS may authenticate each other and negotiate the encryption algorithm and the key.
  • the method includes the following steps.
  • Steps 701 to 705 are the same as steps 401 to 405 in the fourth embodiment, and the details thereof will not be described herein agian.
  • the TCP obtains certificate information of the TC from the TC.
  • the certificate information of the TC includes a certificate of the TC or a Hash value of the certificate of the TC.
  • the TCP obtains the certificate information of the TC from the TC through a GetDeiveAuthenticationInfo() command.
  • the TCP obtains certificate information of the TS from the TS.
  • the certificate information of the TS includes a certificate of the TS or a Hash value of the certificate of the TS.
  • the TCP obtains the certificate information of the TS from the TS through a GetDeiveAuthenticationInfo() command.
  • the TCP sends the certificate information of the TS to the TC.
  • the TCP may send the certificate information of the TS to the TC through a SetDeiveAuthInfo(TSinfo,%) command, where "TSinfo" refers to the certificate information of the TS.
  • the certificate information of the TS is used by the TC for authenticating the TS subsequently.
  • the TCP sends the certificate information of the TC to the TS.
  • the TCP may send the certificate information of the TC to the TS through a SetDeiveAuthInfo(TSinfo,%) command, where "TSinfo" refers to the certificate information of the TC.
  • the certificate information of the TC is used by the TS for authenticating the TC subsequently.
  • the TCP sends a notification message to the TS as an indication of starting transmitting data streams.
  • the TCP sends a StartMediaSession() command to the TS as an indication of starting transmitting data streams in an outband mode.
  • the TS and the TC authenticate each other according to the certificate information of the opposite party, and negotiate the encryption algorithm and the key after the authentication succeeds.
  • one party may authenticate the other party (such as TC) in the following way.
  • the TC uses a private key of its certificate to encrypt an information segment known to both the TC and the TS, adds the certificate onto the information segment, and sends the information segment to the TS.
  • the TS receives the information segment, if the certificate information of the TC obtained in step 709 is a Hash value of the certificate of the TC, the TS performs Hash operation for the certificate of the TC first, and then compares the operation result with the Hash value of the certificate of the TC which is obtained in step 709.
  • the TS uses a public key in the certificate of the TC to decrypt the information segment encrypted by the TC through the private key of the TC, compares the decrypted information with the information segment known beforehand, and determines the TC as passing the authentication if the decrypted information matches the known information segment. If the certificate information of the TC obtained in step 709 is the certificate of the TC, the TS compares the certificate sent by the TC with the certificate of the TC obtained in step 709 directly.
  • the TS uses a public key in the certificate of the TC to decrypt the information segment encrypted by the TC through the private key of the TC, compares the decrypted information with the information segment known beforehand, and determines the TC as passing the authentication if the decrypted information matches the known information segment.
  • the TC authenticates the TS in the same way, and the details thereof will not be described herein agian.
  • the encryption algorithm may be negotiated by the TS and the TC in this way: the TC reports the encryption algorithm supported by the TC to the TS, and the TS selects an encryption algorithm supported by both the TC and the TS accordingly.
  • the TS and the TC may use an SSL protocol to negotiate the key.
  • the TC and the TS negotiate a key exchange algorithm, a data encryption algorithm and a digest algorithm through a handshake protocol, and use the negotiated key exchange algorithm to generate a key known only to the TC and the TS.
  • the TS encrypts data streams to be sent according to the encryption algorithm and the key, and then sends the data streams, and the TC decrypts the data streams received from the TS according to the encryption algorithm and the key; or the TC encrypts data streams to be sent according to the encryption algorithm and the key, and then sends the data streams, and the TS decrypts the data streams received from the TC according to the encryption algorithm and the key.
  • the TCP sends a notification message to the TC as an indication of ending the session.
  • the TCP sends a StopMediaSession() command to the TC to end the session.
  • the TCP sends a notification message to the TS as an indication of ending the session.
  • the TCP sends a StopMediaSession() command to the TS to end the session.
  • the TCP trusted by the TC and the TS obtains the certificate information of the TC and sends it to the TS, and obtains the certificate information of the TS and sends it to the TC.
  • the TC and the TS negotiate the encryption algorithm and the key after authenticating each other successfully, and therefore, the TC and the TS may use the encryption algorithm and the key to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the TC and the TS in an outband mode.
  • a method for negotiating encryption information is provided in this embodiment.
  • the TCP trusted by both the TC and the TS generates certificate information of the TC and certificate information of the TS, sends the certificate information of the TS to the TC, and sends the certificate information of the TC to the TS.
  • the TC and the TS may authenticate each other and negotiate the encryption algorithm and the key.
  • the method includes the following steps.
  • Steps 801 to 805 are the same as steps 401 to 405 in the fourth embodiment, and the details thereof will not be described herein agian.
  • the TCP generates a certificate of the TC, sends the certificate to the TC, and sends the certificate information of the TC to the TS.
  • the certificate information may be the certificate of the TC or a Hash value of the certificate of the TC.
  • the certificate information of the TC may be sent to the TS through a SetDeiveAuthInfo(TSinfo,%) command, where "TSinfo" refers to the certificate information of the TC.
  • the TCP generates a certificate of the TS, sends the certificate to the TS, and sends the certificate information of the TS to the TC.
  • the certificate information may be the certificate of the TS or a Hash value of the certificate of the TS.
  • the certificate information of the TS may be sent to the TC through a SetDeiveAuthInfo(TSinfo,%) command, where "TSinfo" refers to the certificate information of the TS.
  • Steps 808 to 812 are the same as steps 710 to 714, and the details thereof will not be described herein agian.
  • the TCP trusted by the TC and the TS generates a certificate of the TC and sends it to the TC, generates a certificate of the TS and sends it to the TC, sends a Hash value of the certificate of the TC to the TS, and sends a Hash value of the certificate of the TS to the TC.
  • the TC and the TS negotiate the encryption algorithm and the key after authenticating each other successfully, and therefore, the TC and the TS may use the encryption algorithm and the key to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the TC and the TS in an outband mode.
  • the TCP trusted by both the TC and the TS sends the certificate information of the TS to the TC, and sends the certificate information of the TC to the TS.
  • the TC and the TS may authenticate each other and negotiate the encryption algorithm and the key.
  • the ICP trusted by both the IC and the IS may send the certificate information of the IS to the IC, and sends the certificate information of the IC to the IS. In this way, the IC and the IS may authenticate each other and negotiate the encryption algorithm and the key, which also achieves the objectives of the present invention.
  • the device may be a TCP authorized by a TC and a TS or an ICP authorized by an IC and an IS, and the device includes:
  • the device for negotiating encryption information further includes: a communication unit 904, configured to set up a first secure transmission channel from the device for negotiating encryption information to the first device, and set up a second secure transmission channel from the device for negotiating encryption information to the second device.
  • the obtaining unit 901 is configured to obtain information about encryption capabilities of the first device through the first secure transmission channel set up by the communication unit 904, and obtain information about encryption capabilities of the second device through the second secure transmission channel set up by the communication unit 904.
  • the sending unit 903 is configured to send the determined encryption information to the first device through the first secure transmission channel set up by the communication unit 904, and send the determined encryption information to the second device through the second secure transmission channel set up by the communication unit 904.
  • the encryption information may include an encryption algorithm and a key, or include an encryption protocol.
  • the first device When the device for negotiating encryption information is a TCP, the first device is a TC and the second device is a TS; or, the first device is a TS and the second device is a TC.
  • the device for negotiating encryption information is an ICP
  • the first device is an IC and the second device is an IS; or, the first device is an IS and the second device is an IC.
  • the device for negotiating encryption information trusted by the first device and the second device determines the encryption information applicable to the first device and the second device, and notifies the encryption information to the first device and the second device respectively; therefore, the first device and the second device may use the encryption information to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • a device for negotiating encryption information disclosed in this embodiment includes:
  • the device for negotiating encryption information is a TC, and the first device is a TS; or, the device for negotiating encryption information is a TS, and the first device is a TC.
  • the control point is an ICP
  • the device for negotiating encryption information is an IC
  • the first device is an IS
  • the device for negotiating encryption information is an IS
  • the certificate information of the first device may include the certificate of the first device or a Hash value of the certificate of the first device.
  • the device for negotiating encryption information obtains the certificate information of the first device through the control point, and negotiates the applicable encryption algorithm and key with the first device after authenticating the first device successfully; therefore, the first device and the second device may use the encryption algorithm and the key to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • the encryption information may include an encryption algorithm and a key, or include an encryption protocol.
  • the first device is further configured to negotiate the encryption algorithm and the key with the second device by using the encryption protocol
  • the second device is further configured to negotiate the encryption algorithm and the key with the first device by using the encryption protocol.
  • the first device is a TC and the second device is a TS; or, the first device is a TS and the second device is a TC.
  • the control point is an ICP
  • the first device is an IC and the second device is an IS; or, the first device is an IS and the second device is an IC.
  • a control point trusted by the first device and the second device determines the encryption information applicable to the first device and the second device, and notifies the encryption information to the first device and the second device respectively; therefore, the first device and the second device may use the encryption information to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • the first device is a TC and the second device is a TS; or, the first device is a TS and the second device is a TC.
  • the control point is an ICP
  • the first device is an IC and the second device is an IS; or, the first device is an IS and the second device is an IC.
  • the control point is further configured to obtain the certificate information of the first device, and the obtaining modes include but are not limited to: the control point obtains the certificate information of the first device from the first device; or, the control point generates a certificate for the first device and sends it to the second device, and sends the information about the certificate to the first device.
  • the certificate information of the first device includes the certificate of the first device or a Hash value of the certificate of the first device.
  • the second device obtains the certificate information of the first device through the control point trusted by the first device and the second device, and negotiates the applicable encryption algorithm and key with the first device after authenticating the first device successfully; therefore, the first device and the second device may use the encryption algorithm and the key to encrypt and/or decrypt the data streams transmitted there-between, which ensures security of the data streams transmitted between the first device and the second device in an outband mode.
  • the program may be stored in a computer readable storage medium such as a ROM, a magnetic disk or a CD-ROM.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP10811242A 2009-08-21 2010-08-23 Verfahren, vorrichtung und netzwerksystem zur aushandlung von verschlüsselungsinformationen Withdrawn EP2469753A4 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200910167221 CN101997679A (zh) 2009-08-21 2009-08-21 加密信息协商方法、设备及网络系统
PCT/CN2010/076226 WO2011023082A1 (zh) 2009-08-21 2010-08-23 加密信息协商方法、设备及网络系统

Publications (2)

Publication Number Publication Date
EP2469753A1 true EP2469753A1 (de) 2012-06-27
EP2469753A4 EP2469753A4 (de) 2013-03-27

Family

ID=43627251

Family Applications (1)

Application Number Title Priority Date Filing Date
EP10811242A Withdrawn EP2469753A4 (de) 2009-08-21 2010-08-23 Verfahren, vorrichtung und netzwerksystem zur aushandlung von verschlüsselungsinformationen

Country Status (6)

Country Link
US (1) US9055047B2 (de)
EP (1) EP2469753A4 (de)
JP (1) JP2013502782A (de)
KR (1) KR20120047972A (de)
CN (1) CN101997679A (de)
WO (1) WO2011023082A1 (de)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015065789A1 (en) 2013-11-01 2015-05-07 Intuit Inc. Method and system for automatically managing secure communications in multiple communications jurisdiction zones
WO2015080909A1 (en) * 2013-11-26 2015-06-04 Cisco Technology, Inc. Smart virtual private network
EP3046285A4 (de) * 2013-11-04 2016-08-31 Huawei Tech Co Ltd Verfahren, steuerungsnetzwerkelement und system zur verhandlung und verarbeitung von sicherheitsalgorithmen
US9684791B2 (en) 2013-10-14 2017-06-20 Intuit Inc. Method and system for providing a secure secrets proxy and distributing secrets
US9794240B2 (en) 2013-10-28 2017-10-17 Futurewei Technologies, In. System and method for signaling and verifying URL signatures for both URL authentication and URL-based content access authorization in adaptive streaming
US9894069B2 (en) 2013-11-01 2018-02-13 Intuit Inc. Method and system for automatically managing secret application and maintenance
US10021143B2 (en) 2013-11-06 2018-07-10 Intuit Inc. Method and apparatus for multi-tenancy secrets management in multiple data security jurisdiction zones
US10425427B2 (en) 2015-06-19 2019-09-24 Futurewei Technologies, Inc. Template uniform resource locator signing
US10635829B1 (en) 2017-11-28 2020-04-28 Intuit Inc. Method and system for granting permissions to parties within an organization
US10936711B2 (en) 2017-04-18 2021-03-02 Intuit Inc. Systems and mechanism to control the lifetime of an access token dynamically based on access token use

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103856321A (zh) * 2012-12-07 2014-06-11 观致汽车有限公司 一种数据加密解密方法及其系统
CN105850168B (zh) 2013-12-31 2019-11-29 华为终端有限公司 一种网络设备安全连接方法、相关装置及系统
CN106664195B (zh) * 2014-08-01 2020-05-15 广州小熊信息科技有限公司 一种数据处理方法、装置及系统
CN107925565B (zh) * 2015-06-30 2020-08-07 华为技术有限公司 算法更新方法、待更新设备及服务器
US10263968B1 (en) * 2015-07-24 2019-04-16 Hologic Inc. Security measure for exchanging keys over networks
US11323458B1 (en) 2016-08-22 2022-05-03 Paubox, Inc. Method for securely communicating email content between a sender and a recipient
US10805311B2 (en) * 2016-08-22 2020-10-13 Paubox Inc. Method for securely communicating email content between a sender and a recipient
CN108156120A (zh) * 2016-12-06 2018-06-12 阿里巴巴集团控股有限公司 加密传输数据、加密协议控制及被探测的方法、装置及系统
US10673901B2 (en) * 2017-12-27 2020-06-02 Cisco Technology, Inc. Cryptographic security audit using network service zone locking
US11184446B2 (en) 2018-12-05 2021-11-23 Micron Technology, Inc. Methods and apparatus for incentivizing participation in fog networks
US11256778B2 (en) * 2019-02-14 2022-02-22 Micron Technology, Inc. Methods and apparatus for checking the results of characterized memory searches
US11327551B2 (en) 2019-02-14 2022-05-10 Micron Technology, Inc. Methods and apparatus for characterizing memory devices
US10867655B1 (en) 2019-07-08 2020-12-15 Micron Technology, Inc. Methods and apparatus for dynamically adjusting performance of partitioned memory
US11449577B2 (en) 2019-11-20 2022-09-20 Micron Technology, Inc. Methods and apparatus for performing video processing matrix operations within a memory array
US11853385B2 (en) 2019-12-05 2023-12-26 Micron Technology, Inc. Methods and apparatus for performing diversity matrix operations within a memory array
CN115150172B (zh) * 2022-07-01 2023-08-11 北京百度网讯科技有限公司 数据处理方法及装置、设备和介质

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060274899A1 (en) * 2005-06-03 2006-12-07 Innomedia Pte Ltd. System and method for secure messaging with network address translation firewall traversal
US7219223B1 (en) * 2002-02-08 2007-05-15 Cisco Technology, Inc. Method and apparatus for providing data from a service to a client based on encryption capabilities of the client

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2212574C (en) * 1995-02-13 2010-02-02 Electronic Publishing Resources, Inc. Systems and methods for secure transaction management and electronic rights protection
FI20001837A (fi) * 2000-08-18 2002-02-19 Nokia Corp Autentikointi
KR100493895B1 (ko) * 2003-04-17 2005-06-10 삼성전자주식회사 협업 서비스를 위한 홈 네트워크 시스템 및 방법
CN100340086C (zh) 2003-12-10 2007-09-26 联想(北京)有限公司 智能构建无线设备网格的方法
CN100373843C (zh) * 2004-03-23 2008-03-05 中兴通讯股份有限公司 一种无线局域网中密钥协商方法
CN1332569C (zh) * 2004-04-23 2007-08-15 中兴通讯股份有限公司 协商选择空中接口加密算法的方法
CN1863048B (zh) * 2005-05-11 2012-04-11 中兴通讯股份有限公司 用户与接入设备间因特网密钥交换协商方法
US8509817B2 (en) * 2006-03-22 2013-08-13 Core Wireless Licensing S.A.R.L. System and method for mobile telephone and UPnP control point integration
US20070254630A1 (en) * 2006-04-24 2007-11-01 Nokia Corporation Methods, devices and modules for secure remote access to home networks
CN101102185B (zh) * 2006-07-06 2012-03-21 朗迅科技公司 Ims会话的媒体安全
US20090119510A1 (en) * 2007-11-06 2009-05-07 Men Long End-to-end network security with traffic visibility
JP5015662B2 (ja) * 2007-05-30 2012-08-29 株式会社リコー 暗号通信路復帰方法、暗号通信装置及び暗号通信システム
KR100948604B1 (ko) * 2008-03-25 2010-03-24 한국전자통신연구원 서버 기반 이동 인터넷 프로토콜 시스템에 있어서 보안방법
JP5024999B2 (ja) 2007-09-28 2012-09-12 東芝ソリューション株式会社 暗号管理装置、暗号管理方法、暗号管理プログラム
JP4405575B2 (ja) * 2007-09-28 2010-01-27 東芝ソリューション株式会社 暗号管理装置、復号管理装置、およびプログラム

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7219223B1 (en) * 2002-02-08 2007-05-15 Cisco Technology, Inc. Method and apparatus for providing data from a service to a client based on encryption capabilities of the client
US20060274899A1 (en) * 2005-06-03 2006-12-07 Innomedia Pte Ltd. System and method for secure messaging with network address translation firewall traversal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2011023082A1 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9684791B2 (en) 2013-10-14 2017-06-20 Intuit Inc. Method and system for providing a secure secrets proxy and distributing secrets
US9794240B2 (en) 2013-10-28 2017-10-17 Futurewei Technologies, In. System and method for signaling and verifying URL signatures for both URL authentication and URL-based content access authorization in adaptive streaming
EP2951947A4 (de) * 2013-11-01 2016-11-02 Intuit Inc Verfahren und system zur automatischen verwaltung sicherer kommunikationen in mehrkommunikations-rechtsprechungsbereichen
WO2015065789A1 (en) 2013-11-01 2015-05-07 Intuit Inc. Method and system for automatically managing secure communications in multiple communications jurisdiction zones
US9894069B2 (en) 2013-11-01 2018-02-13 Intuit Inc. Method and system for automatically managing secret application and maintenance
US9942275B2 (en) 2013-11-01 2018-04-10 Intuit Inc. Method and system for automatically managing secure communications and distribution of secrets in multiple communications jurisdiction zones
US10028136B2 (en) 2013-11-04 2018-07-17 Huawei Technologies Co., Ltd. Negotiation processing method for security algorithm, control network element, and control system
EP3046285A4 (de) * 2013-11-04 2016-08-31 Huawei Tech Co Ltd Verfahren, steuerungsnetzwerkelement und system zur verhandlung und verarbeitung von sicherheitsalgorithmen
US10021143B2 (en) 2013-11-06 2018-07-10 Intuit Inc. Method and apparatus for multi-tenancy secrets management in multiple data security jurisdiction zones
US9516061B2 (en) 2013-11-26 2016-12-06 Cisco Technology, Inc. Smart virtual private network
WO2015080909A1 (en) * 2013-11-26 2015-06-04 Cisco Technology, Inc. Smart virtual private network
US10425427B2 (en) 2015-06-19 2019-09-24 Futurewei Technologies, Inc. Template uniform resource locator signing
US10936711B2 (en) 2017-04-18 2021-03-02 Intuit Inc. Systems and mechanism to control the lifetime of an access token dynamically based on access token use
US11550895B2 (en) 2017-04-18 2023-01-10 Intuit Inc. Systems and mechanism to control the lifetime of an access token dynamically based on access token use
US10635829B1 (en) 2017-11-28 2020-04-28 Intuit Inc. Method and system for granting permissions to parties within an organization
US11354431B2 (en) 2017-11-28 2022-06-07 Intuit Inc. Method and system for granting permissions to parties within an organization

Also Published As

Publication number Publication date
WO2011023082A1 (zh) 2011-03-03
EP2469753A4 (de) 2013-03-27
US9055047B2 (en) 2015-06-09
KR20120047972A (ko) 2012-05-14
US20120148044A1 (en) 2012-06-14
CN101997679A (zh) 2011-03-30
JP2013502782A (ja) 2013-01-24

Similar Documents

Publication Publication Date Title
US9055047B2 (en) Method and device for negotiating encryption information
TWI313996B (en) System and method for secure remote access
CN105577680B (zh) 密钥生成方法、解析加密数据方法、装置及密钥管理中心
US8763097B2 (en) System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication
US11736304B2 (en) Secure authentication of remote equipment
US20120198228A1 (en) System and method for digital user authentication
WO2010078755A1 (zh) 电子邮件的传送方法、系统及wapi终端
US20070266236A1 (en) Secure network and method of operation
WO2009076811A1 (zh) 密钥协商方法、用于密钥协商的系统、客户端及服务器
KR20090067155A (ko) 보안 연결 확립 방법, 보안 핸드쉐이크 서비스 확립 방법 및 컴퓨터 판독가능 매체
KR20080059616A (ko) 교환 세션의 총체적 보안
EP2951946B1 (de) Verfahren und system zum schutz von daten unter verwendung von datenpässen
CN111756528B (zh) 一种量子会话密钥分发方法、装置及通信架构
EP2269366B1 (de) Heimnetzwerksteuerungsvorrichtung und -verfahren zur gewinnung verschlüsselter steuerinformationen
CN103795966A (zh) 一种基于数字证书的安全视频通话实现方法及系统
KR20140091221A (ko) 웹 보안 프로토콜에 따른 암호화 데이터를 복호화하는 보안 장치 및 그것의 동작 방법
WO2010069102A1 (zh) 移动终端及其密钥传输、解密方法、保密通信的实现方法
JP2009104509A (ja) 端末認証システム、端末認証方法
EP4250158A1 (de) System und verfahren zur verwaltung der datenübertragung und des zugriffsrecht auf dateien
CN114531235B (zh) 一种端对端加密的通信方法及系统
CN117376909A (zh) 一种基于通用引导架构的单包授权认证方法及系统
Cam-Winget et al. Dynamic Provisioning Using Flexible Authentication via Secure Tunneling Extensible Authentication Protocol (EAP-FAST)
CN115567299A (zh) 一种基于端到端加密的消息传输方法及系统
CN112398805A (zh) 在客户机和服务机之间建立通信通道的方法
CN114978564A (zh) 基于多重加密的数据传输方法及装置

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20120220

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20130222

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 29/06 20060101AFI20130218BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20180116

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20180529